Browse code

[nginx]add-security-headers-and-disabled-tls1.0-1.1

Manuel Guilley authored on 02/05/2018 09:47:37
Showing 1 changed files
... ...
@@ -54,6 +54,9 @@ server {
54 54
 
55 55
   add_header Strict-Transport-Security max-age=15768000; # six months
56 56
   add_header X-Frame-Options SAMEORIGIN;
57
+  add_header X-Content-Type-Options nosniff;
58
+  add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
59
+  add_header X-XSS-Protection "1; mode=block";
57 60
   error_page 403 /errors-pages/403.html;
58 61
   error_page 404 /errors-pages/404.html;
59 62
   error_page 500 /errors-pages/500.html;